Important All data retrieved from Vault will be
written in cleartext to state file generated by Terraform, will appear in
the console output when Terraform runs, and may be included in plan files
if secrets are interpolated into any resource attributes.
Protect these artifacts accordingly. See
the main provider documentation
for more details.

backend - (Required) The path to the AWS secret backend to
read credentials from, with no leading or trailing /s.

role - (Required) The name of the AWS secret backend role to read
credentials from, with no leading or trailing /s.

type - (Optional) The type of credentials to read. Defaults
to "creds", which just returns an AWS Access Key ID and Secret
Key. Can also be set to "sts", which will return a security token
in addition to the keys.

lease_duration - The duration of the secret lease, in seconds relative
to the time the data was requested. Once this time has passed any plan
generated with this data may fail to apply.

lease_start_time - As a convenience, this records the current time
on the computer where Terraform is running when the data is requested.
This can be used to approximate the absolute time represented by
lease_duration, though users must allow for any clock drift and response
latency relative to the Vault server.

lease_renewable - true if the lease can be renewed using Vault's
sys/renew/{lease-id} endpoint. Terraform does not currently support lease
renewal, and so it will request a new lease each time this data source is
refreshed.